In January 2016 the retail outdoor gear and clothing company, BaileysOnline.com published a Notice of Data Breach to notify its customers that a cyber intrusion attack may have exposed their highly sensitive personal information. Baileys’ initial information on the breach indicated to its customers that the breach had began on September 25, 2015, however that information proved to be incorrect.
The company said that after conducting a vigorous forensic investigation the team of examiners realized that the attacks on BaileysOnline.com may have actually dated back to December 2011. Their examination showed that cyber thieves were able to access Baileys’ data systems remotely, overpowering its firewall and other security protocols which exposed Baileys’ customer’s credit card and personal data to the hackers.
The Notice outlined that 250,000 customer credit and debit card information was accessed, making note that 64 percent of the stolen credit card data were issued by Visa, 25 percent were MasterCard, five percent were American Express and six percent was Discover cards. Baileys informed its clients that if they had opened an account during the period of time the cyber criminals had access to their systems – from December 1, 2011 to January 26, 2016 – it is possible that their personal information was exposed.
This sensitive personal information includes the clients name, address, email address, telephone numbers, user name and password for Baileys, payment info, credit card numbers, expiration date, and CCV numbers. The only good news here is that according to Baileys their customer’s social security numbers, bank account numbers, or PINs were not exposed during the breach.
The notification goes on in what has become standard practices in these days of cyber breaches to explain how sorry they are that this has occurred and what they are doing about it, which in their case is to hire an outside security expert team to identify any weaknesses in their systems and make and implement suggestions to strengthen them so this can’t happen in the future.
Instead of following standard protocol in the industry by offering affected customers with personal identity protection, BaileysOnline.com chose to simply spend the money on strengthening their cyber security. Bailey’s statement explained that security experts have strengthened their firewall and replaced their server with hardware as well as strengthening other security protocols within their system. Baileys then asks that its customers to help take preventive measures of their own and provide a long list of standard “good security practices” and immediate suggestions for them to implement such as the following:
Links For Consumers Affected:
For questions relating to this event please call (888) 582-3816 between the hours of 8:00 a.m. and 5:00 p.m. P.S.T Monday though Friday.
Additional Resources About This Breach:
http://www.batblue.com/baileys-data-breach-affects-250000-customers/